Published by George Atkinson. Modified over 9 years ago.
1 Policy Evaluation Testbed
Vincent Hu, Tom Karygiannis, Steve Quirolgico
NIST ITL PET Report, May 4, 2010
2 AC Policy Composing Problems
- No structured model framework to support policy authoring.
- No tool to check the correctness of policy rule specifications, which are hand-crafted by administrators.
- No tool for checking the effect (conflicts between rules) of combining more than one policy.
- No efficient way to generate exhaustive test cases for the correctness of an access control system.
3 Access Control Policy Tool (ACPT)
ACPT is a tool for composing access control models (such as RBAC and Multi-Level models).
Features:
- Allows specification of policy combinations, rules and properties through model templates
- Allows testing and verification of policies against specified properties, and reports problems that may lead to security holes
- Generates efficient test suites (by applying NIST's combinatorial testing technology) for testing access control implementations
- Test suites can be applied to any access control implementation
- Ensures safety and flexibility in composing access control policies
- XACML policy generation
4 ACPT Architecture (diagram; components of the Access Control Policy Tool and their labels)
- GUI: allows specification of users, groups, attributes, roles, rules, policies, and resources
- AC Model Templates
- Data Acquisition: API/mechanism to consume/acquire external data related to policies (user, attribute, resource, role, etc. data)
- Policy Generator: generates encoded policies.xml (XACML)
- Model Checker: validates access control policy models
- Combinatorial Array Generator: generates the combinatorial test array
- Test Suite Generator: generates test suites
Other diagram labels: Administrator (the tool's user); optional functions.
5 ACPT
7 ACPT Demo

Policy A (excerpt from 28 CFR Part 23 Statutes and Govt. Category)
Subject attributes: 28 CFR Part 23 Training, Government Category. Resource attribute: Privacy Category. Action: Read.

Rule number | 28 CFR Part 23 Training | Government Category | Privacy Category | Read
1 | Current | Federal | ISE | Yes
2 | Current | State | ISE | Yes
3 | Expired/None | Federal | ISE | Yes
4 | Current | Federal | SLT | Yes
5 | Current | State | SLT | Yes
6 | Expired/None | State | SLT | Yes

Policy B (excerpt from Govt. Category, Remote Access, and OMB/NIST Assurance)
Subject attributes: Government Category, Remote Access, OMB/NIST Assurance Level. Resource attribute: Privacy Category. Action: Read.

Rule number | Government Category | Remote Access | OMB/NIST Assurance Level | Privacy Category | Read
7 | Federal | Yes | 2 | ISE | Yes
8 | Federal | Yes | 3 or greater | ISE | Yes
9 | Federal | No | 2 or greater | ISE | Yes
10 | State | Yes | 3 or greater | ISE | Yes
11 | State | No | 2 | ISE | Yes
12 | Federal | Yes | 3 or greater | SLT | Yes
13 | Federal | No | 2 or greater | SLT | Yes
14 | State | Yes | 2 | SLT | Yes
15 | State | Yes | 3 or greater | SLT | Yes
16 | State | No | 2 | SLT | Yes
8 ACPT Demo
Property to test: a request with the attributes
- "Current" for 28 CFR Part 23 Training,
- "Federal" for Government Category,
- "1" for Assurance Level,
- "True" for Remote Access,
to "read" data with
- "ISE" Privacy Category attribute
should not be allowed.
The rules say: rule number 1 of Policy A grants the request described by the property, but no rule in Policy B grants such a request.
9 ACPT Demo
Property specification in ACPT.
10 ACPT Demo
Test the property against Policy A: the result returns false, with a counterexample.
11 ACPT Demo
Test the property against Policy B: the result returns true.
12 ACPT Demo
Test the property against Policy A merged with Policy B: the result returns false for Policy A but true for Policy B. Note that for merged policies there are no priorities between the policies.
13 ACPT Demo
Test the property against Policy A combined with Policy B. Combined policies carry priorities among the combined rules. This slide shows the combination of policies where Policy B has higher priority than Policy A.
14 ACPT Demo
Test the property against Policy A combined with Policy B, with the "Default Deny" rule set for both policies: the verification result returns true for the combined policy.
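The demo's Policy A and Policy B, the property request from slide 8, and the evaluation modes of slides 10 through 14, as an added worked example that is not part of the original presentation or ACPT's own code. It assumes (as a modelling choice that reproduces the reported results) that a policy with no matching rule is "NotApplicable" until its "Default Deny" rule is set, and that in a combined policy the first applicable decision in priority order wins.

```python
# Added example, not ACPT's own code: the demo's permit rules encoded as tuples.
# Assumption: an unmatched policy is NotApplicable unless Default Deny is set (then Deny);
# in a combined policy the first applicable decision in priority order wins.

POLICY_A = [  # (rule, 28 CFR Part 23 Training, Government Category, Privacy Category)
    (1, "Current", "Federal", "ISE"), (2, "Current", "State", "ISE"),
    (3, "Expired/None", "Federal", "ISE"), (4, "Current", "Federal", "SLT"),
    (5, "Current", "State", "SLT"), (6, "Expired/None", "State", "SLT"),
]
# Assurance Level written as an inclusive (min, max) range; None = no upper bound
POLICY_B = [  # (rule, Government Category, Remote Access, Assurance, Privacy Category)
    (7, "Federal", True, (2, 2), "ISE"), (8, "Federal", True, (3, None), "ISE"),
    (9, "Federal", False, (2, None), "ISE"), (10, "State", True, (3, None), "ISE"),
    (11, "State", False, (2, 2), "ISE"), (12, "Federal", True, (3, None), "SLT"),
    (13, "Federal", False, (2, None), "SLT"), (14, "State", True, (2, 2), "SLT"),
    (15, "State", True, (3, None), "SLT"), (16, "State", False, (2, 2), "SLT"),
]

def matches_a(rule, req):
    _, training, gov, privacy = rule
    return (req["training"], req["gov"], req["privacy"]) == (training, gov, privacy)

def matches_b(rule, req):
    _, gov, remote, (lo, hi), privacy = rule
    level_ok = req["assurance"] >= lo and (hi is None or req["assurance"] <= hi)
    return (req["gov"], req["remote"], req["privacy"]) == (gov, remote, privacy) and level_ok

def decide(policy, matcher, req, default_deny=False):
    """Return (decision, matching rule ids) for one read request under one policy."""
    hits = [r[0] for r in policy if matcher(r, req)]
    if hits:
        return "Permit", hits
    return ("Deny" if default_deny else "NotApplicable"), []

def combined(req, order, default_deny=False):
    """Priority-ordered combination: first applicable decision wins, else not permitted."""
    for policy, matcher in order:
        decision, hits = decide(policy, matcher, req, default_deny)
        if decision != "NotApplicable":
            return decision, hits
    return "Deny", []

def property_holds(decision):
    """The demo property: this request should NOT be allowed."""
    return decision != "Permit"

# The demo request from slide 8 (constructed from the slide's attribute values)
REQUEST = {"training": "Current", "gov": "Federal", "assurance": 1,
           "remote": True, "privacy": "ISE"}
```

Evaluating REQUEST against Policy A alone reproduces the slide 10 counterexample (rule 1); against Policy B alone the property holds; with B prioritised over A it still falls through to A's rule 1 until Default Deny is set on both policies, which is the slide 14 result.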
15 ACPT Demo
Test case generation.
16 ACPT Demo
XACML generation.
17 Live Demo
18 Compare ACPT with commercial AC tools
So far, no commercial AC policy management tool has all of the following capabilities that NIST ACPT has:
- AC (access control) model templates for entering policies: RBAC, Multi-Level, RuBAC (rule based), and Workflow. Even where some tools (such as IBM Tivoli) claim to provide RuBAC, RBAC, and ABAC templates, these are only simulated by using rules; in other words, there is no role or attribute relation (hierarchy) building capability.
- Combining different AC models into one (e.g., combining an RBAC policy with RuBAC and ABAC policies).
- AC property (described by a Boolean predicate) verification, to ensure the created policy can satisfy any combination of rule constraints (IBM has only a limited SOD (Separation of Duty) check).
- Test case (suite) generator for testing in the real operational environment, to assure there is no privilege leakage caused by faults other than the AC policy itself.
19 ACPT Future Work
- Policy (or rule) priority configuration for combining different models or rules (e.g., combinations of global and local policies)
- White-box model/properties verification to verify coverage and confinement of access control rules
- Generate XACML policies derived from verified access control models or rules
- Additional access control policy templates, including dynamic and historical access control models
- API or mechanism for acquiring or consuming information about users, attributes, resources, etc.
- Web-ACPT allowing convenient web-based policy composition
20 Progress Report
- PET State-to-State policy scenarios defined
- XACML and PEP coding to support the new scenario
- Numerous software enhancements
- Preparing demo for Fusion Center conference
- DHS/JHUAPL Identity Provider Service
- Privacy Policy Matrix
- DoJ and HHS presentations
- Computer Associates CRADA: Policy Expression and Automated Extraction
- National Security Agency quarterly technical exchanges
21 Progress Report (cont.)
- Presentation and demo, 2010 Fusion Center Technology Workshop, June 8th and 9th, 2010
- Decentralized Information Group, Computer Science & Artificial Intelligence Lab, Massachusetts Institute of Technology
- Nationwide Health Information Network (NHIN), CONNECT, HHS: ACPT tool
22 Contact Information
- Vincent Hu: vincent.hu@nist.gov
- Tom Karygiannis: karygiannis@nist.gov
- Steve Quirolgico: steveq@nist.gov